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DETAILED ACTION 



1. This action is in response to the application filed on 09/24/2004 for request for 
continued examination. Claims 1-20 were received for consideration. Claims 1-12 
were previously presented and Claims 13-20 are new added claims. Claims 1-20 are 
currently being considered. 



Response to Arguments 



2. Applicant's arguments filed September 24, 2004 have been fully considered. 
Applicant's arguments with respect to Claims 1-12 have been considered but are moot 
in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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3. Claims 1 -4, 7 -10, 13, 14 and 16-20 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Alegre et al. (U.S. Patent Number 6,199,1 13). 

Regarding Claim 1 , Alegre teaches and describes a method for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), the method comprising the 
steps of: 

storing security information for a plurality of computer users in a user profile 
database (Column 4 lines 8 - 36); 

receiving at an authorization server coupled with the user profile database log- 
in information from the computer user who has launched a computer application 
(Column 4 lines 8 - 40); 

in response to step b, creating a Session ID for the computer user with the 
authorization server (Column 4 lines 8-40 and Column 6 lines 24-42); 

storing at least a portion of the Session ID on the user's computer (Column 4 
lines 8- 42); 

also in response to step b, creating an object associated with the computer user 
or the Session ID (Column 4 lines 8-42 and Column 5 lines 8 - 20); 

storing the object dynamically in a directory coupled with the authorization server 
(Column 6 lines 24 - 34); 

copying at least some of the security information relating to the computer user 
from the user profile database to the object in the directory (Column 6 lines 24 - 67); 
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comparing the log-in information entered by the computer user to the security 
information for the computer .user and allowing the computer user access to the 
launched computer application if the user is an authenticated or authorized user of the 
computer application (Column 6 lines 24-49); and 

permitting other computer applications launched by the computer user to 
reference the Session ID on the user's computer so that the other computer applications 
may access the object for the computer user on the directory to authenticate or 
authorize the user for the other computer applications without requiring the user to re- 
enter the log-in information (Column 6 lines 6 - 42). 

Regarding Claim 7, Alegre teaches and describes a method for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), the system comprising: 

a user profile database for storing security information for a plurality of computer 
users (Column 4 lines 8 - 36); 

an authorization server coupled with the user profile database for receiving log-in 
information from a computer user who has launched a computer application, for creating 
a Session ID for the computer user, for storing at least a portion of the Session ID on 
the user's computer and for creating an object associated with the computer user or the 
Session ID (Column 4 lines 8 - 42; Column 5 lines 8 - 20 and Column 6 lines 24 - 42); 
and 
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a directory coupled with the authorization server for dynamically storing the 
object created by the authorization server (Column 6 lines 24 - 34), 

the authorization server being further operable for copying at least some of the 
security information relating to the computer user from the user profile database to the 
object in the directory, comparing log information entered by the computer user to the 
security information for the computer user and allowing the computer user access to the 
launched computer application if the user is an authenticated or authorized user of the 
computer application, permitting other computer applications launched by the computer 
user to reference the Session ID on the user's computer so that the other computer 
applications may access the object for the computer user on the directory to 
authenticate or authorize the user for the other computer applications without 
requiring the user to re-enter the log-in information (Column 6 lines 6 - 67). 

Regarding Claim 13, Alegre teaches and describes a method of utilizing an 
authorization server for dynamically tracking a user session in order to authenticate and 
authorize a computer user (Fig 2-13; Summary and Column 4 line 8 - Column 8 line 
44), the method comprising the steps of: 

receiving a log-in from the computer user (Fig. 4 Column 5 lines 21 - 36); 

creating a unique session ID for the user after log-in (Column 4 lines 8-40 and 
Column 6 lines 24 - 42); 

storing data representative of at least a portion of the session ID on the user's 
computer (Column 4 lines 8 - 42); 
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creating an object corresponding to the unique session ID and storing the object 
on the authorization server (Column 4 lines 8-42 and Column 5 lines 8 - 20); 

allowing a first application executed by the user to authenticate the user, wherein 
the first application authenticates the user by accessing the data representative of at 
least a portion of the session ID stored on the user computer and providing the data 
representative of at least a portion of the session ID to the authorization server (Column 
6 lines 24-49); and 

allowing the first application executed by the user to modify the object after the 
user is authenticated (Column 7 lines 3 - Column 8 line 21). 

Claims 2 and 8 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), the security information including 
authentication and authorization information (Column 4 lines 48 - 67 and Column 7 
lines 55 - Column 8 line 20). 

Claims 4 and 10 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
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and Column 4 line 8 - Column 8 line 44), the Session ID being based on at least one of 
the following: a date on which the computer user launched the computer application; a 
time in which the computer user launched the computer application; a TCP/IP address 
of the computer user; and a user name of the computer user (Column 5 line 8 - Column 
6 line 65). 

Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), wherein the first application 
modifies the object by accessing the data representative of at least a portion of the 
session ID stored on the user computer and providing the data representative of at least 
a portion of the session ID to the authorization server (Column 6 lines 24 - 49 and 
Column 7 line 3 - Column 8 line 21 ). 

Claim 16 is rejected as applied above in rejecting claim 13. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), further including the step of 
allowing a second application to authenticate the user, wherein the second application 
authenticates the user by accessing the data representative of at least a portion of the 
session ID stored on the user computer and providing the data representative of at least 
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a portion of the session ID to the authorization server (Column 7 line 20 - Column 8 line 
21). 

Claim 20 is rejected as applied above in rejecting claim 13. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), further including the step of 
allowing the user to modify the object by utilizing the first application (Column 7 lines 3 - 
32). 

Claims 3 and 9 are rejected as applied above in rejecting claims 2 and 8. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2 — 13; Summary 
and Column 4 line 8 - Column 8 line 44), the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, 
public-key data, certificates, and access control information (Column 5 line 8 - Column 
6 line 65). 

Claim 17 is rejected as applied above in rejecting claim 16. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), further including the step of 
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allowing the second application executed by the user to modify the object after the user 
is authenticated, wherein the second application modifies the object by accessing the 
data representative of at least a portion of the session ID stored on the user computer 
and providing the data representative of at least a portion of the session ID to the 
authorization server (Column 6 lines 24 - 49 and Column 7 line 3 - Column 8 line 21 ). 

Claim 18 is rejected as applied above in rejecting claim 16. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
1 3; Summary and Column 4 line 8 - Column 8 line 44), further including the step of 
allowing the second application to access the object such that the second application is 
operable to utilize the modifications generated by the first application (Column 6 lines 24 
- 49 and Column 7 line 3 - Column 8 line 21 ). 

Claim 19 is rejected as applied above in rejecting claim 16. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), wherein the first application is 
executed utilizing a first third-party server and the second application is executed 
utilizing a second third-party Server (Column 7 line 20 - Column 8 line 44). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 5, 6, 11, 12 and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Alegre et al. (U.S. Patent Number 6,199,1 13, hereinafter "Alegre") in 
view of Hartman et al. (U.S. Patent Number 5,960,41 1 hereinafter "Hartman"). 

Claims 5 and 1 1 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), further including the steps of creating a 
shopping cart and storing the shopping cart along with the object in the directory (Alegre 
Column 8 lines 28 - 44). Alegre does not explicitly disclose that the method for 
dynamically tracking a user session includes the steps of creating a shopping cart and 
storing the shopping cart along with the object in the directory. However, Hartman 
discloses a method for creating a shopping cart and storing the shopping cart along with 
a unique client identifier (cookie), purchaser-specific information (Hartman Column 3 
line 31 - Column 6 line 21 ). Therefore it would have been obvious to one having 
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ordinary skill in the art at the time the invention was made to modify Hartman's shopping 
cart system into the dynamically tracking user session system of Alegre. 

Alegre could have been modified by Hartman to arrive the claimed invention by 
having the shopping cart with user purchase information to be saved on the directory as 
taught by Hartman (See Hartman Column 3 line 31 - Column 8 line 25) and as 
suggested by Alegre (See Alegre Column 7 line 3 — Column 8 line 53). One of ordinary 
skill in the art would have been motivated to modify Alegre by Hartman as discussed 
above because in a shopping cart systems user profiles are stored in a directory as 
taught by Hartman and employing the shopping cart within Alegre would provide an 
efficient and secure method for dynamically tracking a user session. 

Claims 6 and 12 are rejected as applied above in rejecting claims 5 and 1 1 . 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), further including the steps of allowing the user 
to select items to be purchased and storing information relating to the selected items in 
the shopping cart (Hartman Column 3 line 46 - Column 4 line 26; Column 5 line 27 - 
Column 6 line 21 and Column 7 line 57 - Column 8 line 25). 

Claim 15 is rejected as applied above in rejecting claim 13. Furthermore, Alegre 
teaches and describes a method of utilizing an authorization server for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
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13; Summary and Column 4 line 8 - Column 8 line 44). Alegre does not explicitly 
disclose that modifying the object to reflect items selected by the user for purchase. 
However, Harman discloses a method for creating a shopping cart and storing the 
shopping cart, wherein modifying the object to reflect items selected by the user for 
purchase. (Hartman Column 3 line 46 - Column 4 line 26; Column 5 line 27 - Column 6 
line 21 and Column 7 line 57 - Column 8 line 25). Therefore it would have been obvious 
to one having ordinary skill in the art at the time the invention was made to modify 
Hartman's shopping cart system into the dynamically tracking user session system of 
Alegre. 

Alegre could have been modified by Hartman to arrive the claimed invention by 
having the shopping cart with user purchase information to be saved on the directory 
and modifying the object to reflect the user purchase as taught by Hartman (See 
Hartman Column 3 line 31 - Column 8 line 25) and as suggested by Alegre (See Alegre 
Column 7 line 3 - Column 8 line 53). One of ordinary skill in the art would have been 
motivated to modify Alegre by Hartman as discussed above because in a shopping cart 
systems user profiles are stored in a directory as taught by Hartman and employing the 
shopping cart within Alegre would provide an efficient and secure method for 
dynamically tracking a user session. 
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Conclusion 



4. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-232-3795. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900 and the general central fax number is 703 - 872 - 9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). ~ * 




Pramila Parthasarathy 
December 06, 2004. 



